Android Adware Raises Google Play Security Concerns - InformationWeek

Commentary
2/4/2015
11:06 AM
Eric Zeman

Android Adware Raises Google Play Security Concerns

Three apps, downloaded to tens of millions of Android devices from the Google Play store, foisted ads for apps on unsuspecting users.

Google has suspended three applications from the Play Store after being alerted to the presence of malicious adware. A security firm revealed the infected apps to Google and believes they've been installed on many millions of phones and tablets.

The development raises a number of questions about how Google operates the Play Store and whether or not its reactive approach is the right one.

One of the apps, a solitaire game called Durak, targeted English speakers, according to Avast, the security firm that discovered the adware. The other two applications -- an IQ test and a history app -- targeted Russian speakers. Durak hit the Play Store in December and has been downloaded between 5 and 10 million times.

Whoever created the apps used a clever ploy: the adware remained dormant for up to 30 days after installation in a clear attempt to hide.

"After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?" noted Avast's Filip Chytry in a blog post. All three apps behaved normally after they were installed. Perhaps a week or two later, some users reported some strange behavior from their device after a reboot.

At the 30-day mark, however, things got ugly.

"Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie," explained Chytry. "You are then asked to take action; however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value."

(Image source: Google Play store via Avast)

Basically, the adware used system-level notifications to generate advertisements for other apps and services. This is strictly verboten behavior. Google was quick to respond to Avast's alert, suspend the apps, and assure people that they shouldn't worry. Hopefully Google plans to do a lot more, because there's plenty to worry about here:

  • How did the apps get past Google's scans? They shouldn't have.
  • What are infected users supposed to do if their handsets can't be cleaned up?
  • What is Google going to do to prevent this from happening again?
  • Will there be any repercussions for the creator of this malicious adware?

Android users have to trust that the apps they download from the Play Store are safe and won't cause them or their devices harm. Google has always warned that downloading apps from sources other than the Play Store is risky. If downloading apps from the Play Store becomes risky, too, then Google will have a significant problem on its hands.

Eric is a freelance writer for InformationWeek specializing in mobile technologies.
Comments
Thomas Claburn,
User Rank: Author
2/4/2015 | 4:10:56 PM
Re: Play Store
Assuming those apps were free, you get what you pay for. 